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DETAILED ACTION 

Continued Examination Under 37 CFR 1,114 

1 . A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1 . 1 7(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.1 14. Applicant's submission filed on 2/1/2006 has been entered. 

Response to Arguments 

2. In response to communications filed on 2/1/2006, Applicant amends claims 1, 6, 7, 18, 
and 20-27. The following claims 1-27 are presented for examination. 

2. 1 Applicant's arguments, see pages 23-3 1, filed on 2/1/2006, with respect to the rejection 
of claims 1-27, have been fiiUy considered, but they are not persuasive. Applicant argues that 
the control and monitoring unit of Bauer cannot reasonably be considered to correspond to a data 
carrier attached to an article that stores information relative to the article, the data carrier being 
an electronic tag, because the control and monitoring unit of Bauer has a computer with data and 
program memories in addition to other features. Examiner respectfully disagrees. First the 
electronic tag as defined in Applicant's disclosure is merely a data carrier. Applicant's 
disclosure, page 3 recites, "To exclude such a fraudulent practice, a modified method in which 
the information is stored together with a signature in an electronic tag (data carrier) has been 
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proposed. An electronic tag is referred to as a data carrier hereinafter". Applicant's background 
clearly admits that a data carrier or electronic tag attached to an article that stores information 
relative to the article has been well known in the art, Bauer also discloses in column 1, that these 
are well known features and further discloses way of improving risk and liability in a transport 
system using a data carrier by having a continuous monitoring and control of the merchandise 
from the manufacturer to the final destination in such a manner that only authorized persons by 
way of coding can obtain access to all units; and the party responsible for the transport can read 
out and document the data stored in the data carrier up to the point in time of delivery as a proof 
of the party's performance; it is desirable that uninterrupted proof be maintained concerning the 
course of transport (see Bauer's summary of invention). In response to Applicant's reply that 
there is no suggestion of a data carrier attached to an article that stores information relative to the 
article, Bauer discloses "a control and monitoring unit firmly connected with the good (article) to 
be distributed and accompanies the good with the transport momentary state is recorded, stored, 
and possibly displayed" (column 2, lines'10-25). In response to AppUcant's argument that "it is 
difficult to understand how a memory card can comprise a computer and a memory card cannot 
reasonably be considered to comprise a computer". Examiner would like to clarify for Applicant 
that a computer is a device that computes and a memory card comprises this functionality. In 
response to Applicant's argument that the smartcard of Sudia cannot reasonably perform 
signature generating process because it cannot correspond to a signature module, Examiner 
respectfully disagrees (see Sudia' s summary). Examiner asserts that Sudia discloses signing 
devices and smart card as an example of signing device and clearly discloses a smart card that 
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affix signatures and participates in signature generating process as shown at least in the 
paragraphs below: 

[0046] Groups of authorizing agents 23, 25, 27, 29, 3 1 are also interconnected through the network to one another 
and to the signing devices 1 1, 13, 15, 17, 19. Each authorizing agent is a person acting through a trusted computer 
device (such as a tamper-resistant smart card, or odier trusted device) as will be discussed more fully below. 

[0057] The signing device previously shown in FIG. 2 may also be a smart card having the same general design as 
the trusted devices of the authorizing agents. 

[0054] FIG. 3 illustrates a working station for authorizing agents. The human operators who act as authorizing 
agents may work in relatively unsecured areas at desk-top computers or terminals 51 typically found in a business 
office. Each such computer or terminal will have a card reader 53, and each operator will have a secure "smart 
card" 55. Each smart card 55 securely contains a private decryption key and a private signature key which are 
unique to that smart card. The human operator can use the card to issue signing instructions. Such a trusted device 
may be implemented using a FIPS level-3 device, such as an Power card from National Semiconductor Corp. of 
Santa Clara, Calif., which can be readily reprogrammed at the firmware level to allow for progressive evolution of 
new methods and procedures for secure signing and authorization without needing to replace the physical devices. 
Each authorizing agent's trusted device must have at least a private signature key. Preferably, the private signature 
key is installed in the device at time of manufacturer, and the corresponding public verification key is "certified" by 
the manufacturer. Certification here means that the manirfacturer has included, with the trusted device, an 
electronic message containing the device's serial number and public key, along with its model number and other 
evidence of its trusted characteristics, and that message (certificate) has been signed by the manufacturer. 

[0055] The human operators use their desk-top computers to read and generate messages. When a human operator 
wishes to sign a message, the desk-top computer sends the message to the trusted device, which appends a digital 
signature using the device private signature key. In the preferred embodiment, this signature is the signature of a 
second signature key pair which has been specifically generated for and certified as belonging to the specified user. 
In this manner, the system can continue to use the device's signature to verify the trust level of the device on any 
given transaction, while using the user's signature to attest to the user's identity and consent to the transaction. 
This allows the user key to be generated and revoked remotely, depending possibly on various administrative facts 
about the user's identity or authority, while also allowing the device to be reused, or to host several other user key 
pairs which the user may wish to use for other unrelated purposes. 

Applicant has amended the independent claims to further Umit the claimed invention. However, 
upon further consideration, applicant has not overcome the rejection as illustrated above an in the 
rejection of the claims. Claims 1-27 remain rejected in view of the same references. 



Claim Rejections - 35 USC §103 
3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 



obviousness rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a whole would have 
been obvious at the time the invention was made to a person having ordinary skill in the art to 
which said subject matter pertains. Patentability shall not be negatived by the manner in which 
the invention was made. 

3.1 Claims 1-27 are rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent 
5,1 17,096 to Bauer et al, in view of US Patent Publication US 2002/0013898 to Sudia et al. 

3.2 As per claims 1, 10, .11, and 12, Bauer et aL substantially teaches a distribution 
information management system having a structure comprising a control and monitoring unit 
connected with the goods to be distributed with sensors and actuators for storing state of 
distribution process that meets the recitation of a data carrier attached to an article that stores 
information relative to the article, the data carrier being an electronic tag (see column 2, lines 10- 
24), 

a distribution information processing module (3) comprising: 

quick look unit (51) and interface (3 1) as input/output circuit for data reading in or out of 
the control monitoring unit that meets the recitation of a reading part and storing part that reads 
out data of the data carrier and stores information in the data carrier, for example (see column 6, 
lines 18-25); 
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an information generating unit (41) that processes the information to be stored in the data 
carrier wherein the information includes at least a signer identifier that is a receiver identifier of 
last information stored in the data carrier, for example (see column 2, lines 25-28; column 5, Une 
66 through column 6, line 15 and column 5, lines 9-21); 

communication lines for communication between (2) and (4) or (3) and (4) that meets the 
recitation of a first communication part that communicates with the distribution information 
management module (4) (see figure 1) (see also column 6, lines 33-37); 

a memory card (2), (first information verification unit) comprising: 

a computer (32), (first verification part), for read write access and suggests using access 
code that meets the recitation of a first information verification unit comprising a first 
verification part that verifies the information read out from the data carrier a first verification key 
storage part (33 and 34) that stores the verification key used by the first information verification 
part for verification of the information, for example (see column 2, lines 15-25 and column 6, 
lines 1-55); 

an information generating unit (41) that processes the information to be stored in the data 
carrier comprising: distribution information generating part (44) that generates the information 
to be stored in the data carrier (see column 2, lines 24-38 and column 6, lines 38-65). 

Bauer et ah discloses a programmable card as well as an analysis unit for verifying all 
transactions during the distribution process, for example (see column 2, line 47 through column 
3, line 35) and discloses each unit comprising computer and interfacing with the memory card 
and capable of interfacing with each other (see figure 1). Although Bauer et ah discloses some 
security with access code etc., Bauer et al. does not explicitly disclose a signature generating 
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process that stores signature key information for generating a digital signature. However, Sudia 
et al in an analogous art discloses a distribution verification system that is able to sign and verify 
the signature of the sender comprising first verification key storage part that stores the 
verification key used by the first information verification part for verification of the information, 
for example (see page 3, paragraphs 44-45, 0047-0048; page 5, paragraph 72; page 6, paragraph 
78), a signature module that performs signature generating process, for example (see page 4, 
paragraph 0054); a signature key storage part that stores the signature key information used by 
the signature module for generating a digital! signature, for example (see page 4, paragraphs 
0054-0055); Sudia et al discloses that each signing device and each authorizing agent has set of 
public and signature verification keys of other devices (page 5, paragraph 0066), and suggests 
that keys will be selected or acquired from the stored keys (page 4, paragraph 0050) that meets 
the recitation of a signature key information selection part; that selects a signature key 
information stored in the signature key storage part; a signature key information acquisition part 
that acquires the signature key information from the distribution information management 
module, for example (see page 4, paragraph 0050); the signature module comprising: a signature 
part that generates a digital signature for the information generated by the distribution 
information generating part, for example (see page 4, paragraphs 0054-0055); and a first signer 
private information storage part that stores signer private information used by the signature part 
for generating a digital signature, for example (see page 4, paragraphs 0054-0055); Sudia et al 
discloses assigning or including in the header of each document a document and signature 
tracking to assist in managing the flow of documents through the system comprising the total 
number of partial signatures needed to complete the signature and the number of partial 
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signatures already applied (see page 14, paragraphs 229-234) that meets the recitation of a 
signature key use limit information storage part that stores a signer key use limit information to 
indicate whether the signature key information is already used. Sudia et al suggests interaction 
between devices and a signature key information generating part that generates a signature key 
information used by the distribution information processing module, for example (see page 5, 
paragraphs 0067-0072) Sudia et al adds that the verification process disclosed offers several 
advantages in preventing tampering (page 4, paragraph 0053) including applying a signature and 
at the same time verifying the signature of the sender and with improved security and flexibility 
(see page 1, paragraphs 0006 and 0012). Therefore, it would have been obvious to one of 
ordinary skill in the art at the time the invention was made to modify the system of Bauer et al. 
to provide a key signature verification process as taught by Sudia et al capable of generating, 
storing, selecting key, and verifying signature of the sender. One of ordinary skill in the art 
would have been motivated to do so because Sudia et al teaches many advantages as explained 
below to implement a multi-step signing system, when plurality of signatures are needed from 
authorized agents that are widely dispersed (par. 6 and 43). The motivation to do so is given by 
Sudia et al who teaches a multi-step signing system wherein the signing module provided for 
verifying signature of other signers for performing, generating and distributing keys is a tamper- 
proof secure signing device; security of the system is enhanced by distributing capability to affix 
signatures among a plurality of signing devices, the system can use the signature of the device to 
verify the trust level of the device on any given transaction; Sudia et al further teaches, no single 
signing device or location needs to contain the signature key where it can be compromised 
instead multiple sites must fail or compromise together; the system is both secure and flexible 
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because if any signing device fails it can be replaced, security is enhanced as the signing 
operation cannot be completed with a single signing device (see page 2, paragraphs 12-15). 

Bauer et ah discloses communication lines for communication between (2) and (4) or (3) 
and (4) that meets the recitation of a first communication part that communicates with the 
distribution information management module (4) (see figure 1); and further discloses the 
distribution information management module (4) comprising: interface that meets the recitation 
of a second communication part that communicates with the distribution information processing 
module, for example (see column 6, lines 35-50); 

Bauer et al. discloses a programming unit capable of programming information and access 
codes in the control and monitoring unit (1) and a memory card (2) and processing and 
verifying information (column 4, line 66 through column 5, lines 37) that meets the recitation 
• of second information verification part that verifies the information received from the 
distribution information processing module; other unit such as (61) that may be connected to 
(4) may perform similar process for example (see column 6, lines 32-65). 

Sudia et al discloses signing device and authorizing agent that can perform the same 
function as discussed above (see page 5, paragraph 0057); therefore, Sudia et al also discloses a 
second verification key storage part that stores the verification key used by the second 
information verification part for verification of the information (see page 5, paragraph 0066); a 
signature key information generating part that generates a digital signature key information used 
by the distribution information processing module for generating a distribution information, for 
example (see page 5, paragraph 0069); a signature key storage part and a signer private 
information selection part that selects signer private information used by the signature key 
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information generating part for generating signature key information (see page 4, paragraphs 
0054-0055); and a second signer private information storage part that stores the signer private 
information (see page 5, paragraphs 0066 and 0072). Therefore, it would have been obvious to 
one skilled in the art at the time the invention was made to modify the system of Bauer et al. to 
provide a second key signature verification unit as taught by Sudia et al capable of generating, 
storing, selecting key, and verifying signature of the sender. One of ordinary skill in the art 
would have been motivated to do so because Sudia et al teaches many advantages as explained 
below to implement a multi-step signing system, when plurality of signatures are needed from 
authorized agents that are widely dispersed (par. 6 and 43). The motivation to do so is given by 
Sudia et al who teaches a multi-step signing system wherein the signing module provided for 
verifying signature of other signers for performing, generating and distributing keys is a tamper- 
proof secure signing device; security of the system is enhanced by distributing capability to affix 
signatures among a plurality of signing devices, the system can use the signature of the device to 
verify the trust level of the device on any given transaction; Sudia et al further teaches, no single 
signing device or location needs to contain the signature key where it can be compromised 
instead multiple sites must fail or compromise together; the system is both secure and flexible 
because if any signing device fails it can be replaced, security is enhanced as the signing 
operation cannot be completed with a single signing device (see page 2, paragraphs 12-15). 

As per claims 2-3, both references suggest using a smart card for verification process 
that can be detachable from other units. Sudia et al discloses using a smart card that is 
tamperproof that meets the recitation of wherein the signature module is tamperproof and 



Application/Control Number: 09/454,865 Page 1 1 

Art Unit: 2136 

detachable from the distribution information processing module (see page 4, paragraphs 0054- 
0055). Therefore, claim 2 is rejected on the same rationale as the rejection of claim 1. 

As per claim 4, Bauer et ai. discloses the claimed system of claim 1 but does not 
disclose the limitation wherein the information generating unit has a signature key use limit 
information storage part that limits a specified number times for signatures performed using the 
signature key, the signature key information selection part does not select signature key 
information used more than a specified number of times for signature. It is well known in the art 
program that limits and revokes number of times of performing password or using keys. Sudia 
et al discloses limiting use of key signature and key revocation that meets the recitation of a 
signature key use limit information storage part that limits a specified number times for 
signatures performed using the signature key, the signature key information selection part does 
not select signature key information used more than a specified number of times for signature, 
for example (see page 5, paragraphs 0056, and page 6, paragraph 0075, and page 7, paragraphs 
0014-01 15 and page 13, paragraph 0197). Therefore it would have been obvious to one skilled 
in the art at the time the invention was made to modify the system of Bauer et ah to limit a 
specified number times for signatures performed using the signature key, not selecting signature 
key information used more than a specified number of times for signature as suggested by Sudia 
et al. This modification would have been obvious because one skilled in the art would have been 
motivated to do so in order to protect keys from susceptible attacks as suggested by Sudia et ai 
(see page 7, paragraphs 0014-01 15). 
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As per claim 5, Sudia et al discloses the limitation of wherein the signature key use limit 
information storage part is disposed in the signature module (see page 7, paragraphs 0014-01 15). 
Therefore, claim 5 is rejected on the same rationale as the rejection of claim 4. 

Claim 6 has the same limitation as claim 1 except for adding a second reading and 
storage part in the information generating module. Bauer et al. discloses more than one unit 
with reading/writing means to read and store the information in the data carrier (see column 2, 
lines 10-40 and column 3, lines 25-45 and column 4, lines 1-12). 

Claim 7 has the same Umitation as the rejected claim 1 except for adding a third 
communication part. Bauer et al. discloses many interfaces between the units (see figure 1). 
Therefore, claim 7 is rejected on the same rationale as the rejection of claim 1. 

As per claim 8, Sudia et al discloses the limitation of wherein the verification key stored 
in the first verification key storage part and the second verification storage part is common for all 
the distribution information processing modules and distribution information modules, for 
example (see page 3, paragraph 0048). Therefore, claim 8 is rejected on the same rationale as 
the rejection of claim 1. 

As per claim 9, Sudia et al discloses signing device and authorizing agent that can 
perform the same fijnction as discussed above (see page 5, paragraph 0057). 
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As per claim 13, Bauer et al. discloses the limitation wherein the information stored in 
the data carrier comprises at least a product identifier, an identifier of a receiver at a destination 
of the article and access coding, and which information is stored as one unit (see column 6, lines 
1-25 and column 4, line 67 through column 5, line 22), Bauer et al. des not explicitly disclose a 
signature value, but discloses using a data carrier for documenting the originator or addressee 
and the transfer of responsibility for the transport and control operations during the whole course 
of distribution (column 2, lines 46-67), However, Sudia et al discloses appending signature 
value to verify the sender, for example (see page 4, paragraph 0055). Therefore it would have 
been obvious to one skilled in the art at the time the invention was made to modify the system of 
Bauer et al. to add a signature value to the data carrier so as to authenticate the originator or 
sender and to prevent tampering. This modification would have been obvious because one 
skilled in the art would have been motivated to do so in order to have further control of 
authorization during the distribution process as suggested by Sudia et al (see page 1, paragraph 
0012). 

As per claim 14, Bauer et al, suggests maintaining proof concerning the course of the 
transport and discloses a data carrier for holding all information during the course of the 
distribution process for replacing transport papers (see column 2, lines 47-60 and column 1 , lines 
49-62). Sudia et al discloses the Umitation of wherein the information stored in the data carrier 
contains at least a verification key identifier, and which information is stored as one unit (see 
page 6, paragraph 0078). Therefore claim 14 is rejected on the same rationale as the rejection of 
claims 1 and 13. 



Application/Control Number; 09/454,865 
Art Unit: 2136 



Page 14 



As per claim 15, Bauer et al. discloses the limitation wherein the information stored in 
the data carrier contains at least a distribution information management module identifier, and 
which information is stored as one unit (see column 6, lines 1-12). 

As per claim 16, Bauer et al. discloses the limitation wherein the information stored in 
the data carrier as one unit contains at least a product identifier, an identifier of a receiver at a 
destination of the article and access coding that can be separately from the information for unit. 
Bauer et al discloses a data carrier with different units, it is obvious to one skilled in the art that 
the signature value can be stored separately from the other information, (see column 6, lines 1-12 
and lines 25-37). Sudia et al discloses using signature value to verify the sender, for example 
(see page 4, paragraph 0055) as discussed in claim 13 above. Claim 16 is rejected on the same 
rationale as the rejection of claims 1 and 13. 

As per claim 17, Bauer et al. discloses the limitation wherein the information stored in 
the data carrier contains at least a product identifier, an identifier of a receiver at a destination of 
the article and a verification key identifier and which information is stored as one unit, and 
identification code that indicates each verifier that meets the recitation of the information has a 
signature value corresponding to the verification key identifier for each verification identifier 
(see column 3, lines 9-26 and column 5, Hnes 1-11; column 5, line 65 through column 5, line 37). 
Bauer et al. discloses continuous proof and monitoring throughout the transport (see column 1, 
lines 49 et seq. and column 2, lines 15-24). Sudia et al discloses wherein the information stored 
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in the data carrier contains at least a product identifier, an identifier of a receiver at a destination 
of the article and a verification key identifier and which inforniation is stored as one unit, and the 
information has a signature value corresponding to the verification key identifier for each 
verification identifier (see page 6, paragraph 0078). Claim 17 is rejected on the same rationale as 
the rejection of claims 1 and 13. . ^ 

As per claim 18, Bauer et ai. discloses a data. carrier attached to an article for storing 
information of the article that stores (see column 4, lines 46 et seq.): distribution information 
generated for each one or one set of transaction in the distribution process of the article, wherein 
the distribution information includes at least a signer identifier that is a receiver identifier of last 
information stored in the data carrier; and at least a part of a signature value of at least part of a 
piece of the distribution information or at least part of each of serial pieces of the distribution 
information (see column 5, Unes 1-22 and column 5, line 65 through column 6, line 37). Claim 
18 contains similar hmitation as claims 1 and 13 and therefore is rejected on the same rationale 
as the rejection of claims 1 and 13. 

As per claim 19, Bauer et al. discloses the limitation wherein the distribution 
information of the article contains at least an identifier of the article, an identifier of the receiver 
who received the article, and identification code that indicates each verifier that meets the 
recitation of identifier of the signer who generates the signature value (see column 5, line 65 
through column 6, line 37). Sudia et al discloses an identifier of the receiver who received the 
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article, and the identifier of the signer who generates the signature value (see page 6, paragraphs 
0078 and 0080) as discussed in claim 13. 

Claims 20-23 are similar to the rejected claim 1 except for incorporating the claimed 
system into a module and a method. Therefore, claims 20-23 are rejected on the same rationale 
as the rejection of claim 1 , 

Claims 24-25 have the same limitation as the rejected claim 1 except for incorporating 
the claimed system into a computer program product. Therefore, claims 26-27 are rejected on 
the same rationale as the rejection of claim 1 . 

Claims 26-27 have the same limitation as the rejected claim 1. Therefore, claims 26-27 
are rejected on the same rationale as the rejection of claim 1 . 

Conclusion 

4. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure as the art discloses a distribution system with key signature verification where each 
verifier can generate own signature. 

US Patents : 5,661,803, 5982,896 to Cordery et al 5,5444,086 Davis et al . 

6,005,945 Whitehouse 
US Patent Publication : US 2001/0044780 Miyazaki et al. 
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examiner should be directed to Carl Colin whose telephone number is 571-272-3862. The 
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supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for the 
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may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http ://pair-direct.uspto. gov . Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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